Full body scanners and the law of privacy, a US Case – Patrick Bidder

26072011

On Christmas Day 2009, a man boarded a flight from Amsterdam to Detroit and allegedly tried to detonate a bomb hidden in his underwear. Thought to be a failed Al-Qaeda terrorist plot, this led to the introduction of Advanced Image Technology (‘AIT’) (full body scanners) in UK airports and the acceleration of their use in the US.

In the US, the introduction of the new technology has just been declared lawful. In the UK, the interim code of practice setting out their acceptable use has just been the subject of a public consultation.

On 15 July 2011, the United States Court of Appeals for the District of Columbia Circuit upheld the use of full-body scanners to screen air travellers in the case of Electronic Privacy Information Center (EPIC), et al. v United States Department of Homeland Security, et al. (US Court of Appeals, DC Circuit, 15 July 2011)

The Transportation Security Administration (“TSA”) had begun to deploy scanners that used AIT rather than the traditional magnetometer in 2007 and introduced them more widely in early 2010. The AIT scanner produces a crude image of an unclothed person, enabling the operator of the machine to detect a non-metallic object, such as a liquid or powder without touching the passengers coming through the checkpoint. No passenger was in fact ever required to submit to an AIT full body scan but could opt instead for a ‘pat down’ search. The TSA also took steps to mitigate the effect on the passengers’ privacy, including obscuring facial features, ensuring that the images were viewable only by an officer sitting in a remote and secure room and deleting the images as soon as the passenger was cleared.

However, EPIC and two other individuals petitioned for a review of the TSA’s decision to screen by the new method. They argued that the decision violated various federal statutes, the Fourth Amendment of the United States Constitution and in any event should have been subject to a consultation (‘notice and comment’) before being adopted.

Judge Ginsburg, who was sitting with Judge Henderson and Judge Tatel, stated that “it is clear that by producing an image of the unclothed passenger, an AIT scanner intrudes upon his or her personal privacy in a way a magnetometer does not”. However, he ruled that the decision was not unlawful under:

the Video Voyeurism Prevention Act, 18 U.S.C because it does not apply to any “lawful law enforcement, correctional or intelligence activity”; and

the Privacy Act, 5 U.S.C because the TSA does not maintain data from AIT scanners in any system of records linked to names or any other identifier, nor had EPIC offered any reason to believe that the TSA had attempted to identify the images from any other sources.

EPIC also failed in their argument that the Chief Privacy Officer (CPO) of the Department for Homeland Security had not done enough to safeguard privacy. The judges refused to disturb the CPO’s conclusion that the built in privacy protections were sufficiently strong.

Nor had the TSA’s decision breached the Fourth Amendment which guards against unreasonable searches and seizures. EPIC had argued that the search was more invasive than was necessary to detect weapons or explosives, however, the judges relied on the US Supreme Court’s continued refusal to declare that “only the least intrusive search practicable can be reasonable under the Fourth Amendment” (City of Ontario v Quon, 130 S. Ct. (2010)) and the fact that passengers could opt out of the search.

However, the Judges ruled that the TSA should have conducted a “notice-and-comment rulemaking” procedure before implementing their decision and remanded the matter to the TSA for further proceedings. Marc Rotenberg, the EPIC Executive Director, responded to the ruling by saying that “many Americans object to the airport body scanner program. Now they will have an opportunity to express their views to the TSA and the agency must take their views into account as a matter of law”.

Last week’s ruling serves as a reminder that the AIT system is also in use across UK airports. In January 2010, the Government announced a package of measures to enhance the protection of the travelling public following the failed Christmas Day plot, including the introduction of AIT full body scanners.

An interim code of practice was published by the Department for Transport to support the introduction of AIT scanners at Heathrow and Manchester airports and a consultation on the code was commenced on 29 March 2010. The purpose of the consultation was to seek the public’s views on the interim code with a view to preparing the final code of practice.

Responses were made to the consultation by, amongst others, Liberty, the Equality and Human Rights Commission and the Islamic Human Rights Commission. Each organisation was concerned at the impact the implementation of the AIT scanners would have on a traveller’s privacy. Unlike in the United States, if an individual is selected for body scanning in the UK, an alternative will not be offered. This was emphasised in Liberty’s response which said that “the issue here is not a refusal to submit to a security search, but the disproportionate impact on some people’s privacy…caused by the lack of an alternative means of being searched. While some may object to revealing these intimate details and may prefer this to be being physically touched, human rights concerns the dignity of individuals and, a majority-rules approach is not only inappropriate, it may also be unlawful.”

The consultation on body-scanners in UK airports closed on 19 July 2010. Clear questions have been raised in response but no final code yet produced.

Perhaps the recent judgment in the US Court of Appeals will revive the issue on this side of the pond.

Patrick Bidder is a trainee solicitor in the defamation, privacy and reputation management team at London based law firm Withers.